Tuesday, 21 November 2006

You should be safe, of course, because you read Daring Fireball, and so you know that you should turn off Safari’s incredibly foolish “Open ‘safe’ files after downloading” preference. But given that this preference, which in my opinion shouldn’t even exist, is on by default, most Mac users are vulnerable to attack via this exploit. If you have this preference turned off, you’ll still get a kernel panic if you manually attempt to mount the disk image, but if you have the preference turned on, you’ll get a kernel panic just by downloading the file — and any web site you visit can initiate a file download automatically.
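If you would rather verify this from the command line than hunt through Safari’s preferences window, here is a small shell script (an example added here, not part of the original post or anything Apple ships). It assumes the preference is stored in the `com.apple.Safari` defaults domain under a boolean key named `AutoOpenSafeDownloads`; that key name is my assumption, not something stated above. It also treats an absent key as the factory default, which, as noted, is on.

```shell
#!/bin/sh
# Added example: audit, and optionally disable, Safari's
# "Open 'safe' files after downloading" preference.
# ASSUMPTION: the setting is the boolean key AutoOpenSafeDownloads in the
# com.apple.Safari domain (my assumption, not documented in the post).

# Decide whether auto-open is effectively on, given the raw string that
# `defaults read` returned. An empty string means the key is absent, so the
# factory default (ON) applies. Returns 0 = on, 1 = off, 2 = unrecognised.
auto_open_enabled() {
  case "$1" in
    ''|1|true|TRUE|YES|yes) return 0 ;;
    0|false|FALSE|NO|no)    return 1 ;;
    *) echo "unrecognised value: $1" >&2; return 2 ;;
  esac
}

# Read the current value; a missing key makes `defaults` exit non-zero and
# print to stderr, which we turn into an empty string.
read_pref() {
  defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true
}

# Report the effective state. Returns 1 when the machine is exposed.
audit() {
  raw=$(read_pref)
  if auto_open_enabled "$raw"; then
    echo "EXPOSED: Safari will auto-open 'safe' downloads (value: ${raw:-unset})"
    return 1
  fi
  echo "OK: auto-open of downloaded files is off (value: $raw)"
  return 0
}

# Turn the preference off explicitly so the absent-key default no longer applies.
# Quit Safari first, otherwise the running copy may write the old value back.
disable_pref() {
  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}

# Dispatch only when invoked with an explicit action, so the functions above can
# also be sourced and reused without side effects.
if [ $# -gt 0 ]; then
  case "$1" in
    --audit) audit ;;
    --fix)   disable_pref && audit ;;
    *) echo "usage: $0 --audit | --fix" >&2; exit 64 ;;
  esac
fi
```

Run `sh safari-autoopen.sh --audit` to check the current state, and `--fix` after quitting Safari to turn the preference off. The script reports "EXPOSED" when the key is absent, because that is exactly the default-on condition the post is complaining about.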

Question for Apple: How many times must this Safari preference be exploited before you remove it from Safari, or at least turn it off by default?